surfer_stos

mynewslink.com ?


Hello....

I currently have this pest....

Some sites I click on redirect me to this address:

mynewslink.com

but the original site's name stays in the address bar.

I ran every spyware scanner I could find and nothing.

I ran Panda online and it showed me this:

Incident Status Location

Hacktool:HackTool/EvID No disinfected C:\Downloads\EvID4226Patch223d-en\EvID4226Patch.exe

Hacktool:HackTool/EvID No disinfected C:\Downloads\EvID4226Patch223d-en.zip[EvID4226Patch.exe]

What do I do?

Help me....

Thanks!!!!


Do the following:

Download the current version of HijackThis.

Then > Start > My Computer > double-click C > put HijackThis on C (extracting it from the zip --> into its own folder, e.g. c:/Hijack).

Run Hijack from C, with the other programs closed (leaving only the desktop).

Click Do a system scan and save a logfile, but don't check anything, just post the generated log here in this same topic.

Regards.

Originally posted by The Who@6 September 2005, 11:27

Do the following:

Download the current version of HijackThis.

Then > Start > My Computer > double-click C > put HijackThis on C (extracting it from the zip --> into its own folder, e.g. c:/Hijack).

Run Hijack from C, with the other programs closed (leaving only the desktop).

Click Do a system scan and save a logfile, but don't check anything, just post the generated log here in this same topic.

Regards.

Hello The Woo, thanks for replying.... I hope you can help me.... here is what you asked for:

Logfile of HijackThis v1.99.1

Scan saved at 17:29:28, on 7/9/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [WinPatrol] C:\ARQUIV~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.bancodobrasil.com.br/VSApps/vspta3.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

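As an added illustration (not part of the thread or of HijackThis itself), a small Python parser for HijackThis v1.99 entry lines that applies the kind of checks an analyst makes by eye on a log like the one above: an O2 BHO whose DLL is "(no file)" is an orphaned registration, an O6 entry means IE policy restrictions are set, O16 DPF entries show which ActiveX controls were fetched and over what transport, and O23 entries show services with no vendor name. The sample lines are copied from the posted log plus one constructed O4 entry ([Updater]); the triage rules and the "Unknown owner" check are this example's own assumptions about the format, not HijackThis's logic.

```python
"""Parser and triage rules for HijackThis v1.99 log entries (added example)."""
import re
from dataclasses import dataclass

# Every HijackThis finding starts with a section code: R0-R3, O1-O23, ...
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O2 - BHO: <name> - {CLSID} - <dll path or (no file)>
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4 - HKLM\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O16 - DPF: {CLSID} (<friendly name>) - <codebase URL>
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
# O23 - Service: <display name> (<short name>) - <company> - <image path>
SVC_RE = re.compile(r"^Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<company>.+?) - (?P<path>.+)$")

# Constructed sample input: lines copied from the log posted in the thread, plus
# one constructed O4 entry (the [Updater] line) to exercise the relative-path rule.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Updater] updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O2"
    severity: str   # "review" needs a human decision, "info" is context only
    message: str
    line: str       # the original log line, for the analyst's reference


def parse_entries(log_text):
    """Return (code, body, raw_line) for each entry line; headers and process lists are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body"), raw.strip()))
    return entries


def triage(log_text):
    """Apply a handful of analyst rules to the log and return the findings in log order."""
    findings = []
    for code, body, line in parse_entries(log_text):
        if code == "O2":
            m = BHO_RE.match(body)
            if m and m.group("path") == "(no file)":
                # A BHO CLSID still registered but with its DLL gone: leftover of a removal.
                findings.append(Finding(code, "review", f"orphaned BHO {m.group('clsid')} (DLL missing)", line))
            elif m:
                findings.append(Finding(code, "info", f"BHO {m.group('name')} -> {m.group('path')}", line))
        elif code == "O4":
            m = RUN_RE.match(body)
            # An autorun without an absolute path is resolved through the search path at logon.
            if m and not re.match(r'^"?[A-Za-z]:\\', m.group("cmd")):
                findings.append(Finding(code, "review", f"autorun [{m.group('name')}] uses a relative path: {m.group('cmd')}", line))
        elif code == "O6":
            # IE policy keys are set by lockdown tools (e.g. Spybot) but also by browser hijackers.
            findings.append(Finding(code, "review", "IE policy restrictions present; confirm who set them", line))
        elif code == "O16":
            m = DPF_RE.match(body)
            if m and m.group("url").lower().startswith("http://"):
                findings.append(Finding(code, "info", f"ActiveX '{m.group('name')}' fetched over plain HTTP", line))
        elif code == "O23":
            m = SVC_RE.match(body)
            # Assumption: HijackThis prints "Unknown owner" when the binary carries no company name.
            if m and m.group("company") == "Unknown owner":
                findings.append(Finding(code, "review", f"service {m.group('short')} has no vendor info", line))
    return findings


def review_items(log_text):
    """Only the findings that need a human decision."""
    return [f for f in triage(log_text) if f.severity == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.code:4} {f.message}")
```

On the posted log the only "review" items are the orphaned BHO and the O6 policy keys, which matches the analyst's verdict in the thread that the log is clean.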

surfer_stos

You downloaded something that Panda says is probably a Hacktool:

C:\Downloads\EvID4226Patch223d-en.zip

I don't know whether it has anything to do with the redirect problem.

Did you install it or not?

Submit to one of these sites

http://virusscan.jotti.org/

http://www.virustotal.com/flash/index_en.html

the following strange file:

C:\Downloads\EvID4226Patch223d-en\EvID4226Patch.exe

Browse -> send/submit -> Come back with the results.

Some sites I click on redirect me to this address:

mynewslink.com

The log is clean, so let's go after other sources of information.

Double-click the HijackThis tool

Open the Misc Tools section

Look there for

Generate StartupList log

check both options and generate the log

post the log

Originally posted by The Who@7 September 2005, 19:49

surfer_stos

You downloaded something that Panda says is probably a Hacktool:

C:\Downloads\EvID4226Patch223d-en.zip

I don't know whether it has anything to do with the redirect problem.

Did you install it or not?

Submit to one of these sites

http://virusscan.jotti.org/

http://www.virustotal.com/flash/index_en.html

the following strange file:

C:\Downloads\EvID4226Patch223d-en\EvID4226Patch.exe

Browse -> send/submit -> Come back with the results.

The log is clean, so let's go after other sources of information.

Double-click the HijackThis tool

Open the Misc Tools section

Look there for

Generate StartupList log

check both options and generate the log

post the log

The Woo, thanks for the attention and the help... really appreciated!!!

About Panda online, I ran it and it gave me that result, but I think it has nothing to do with this since I didn't install it.

I think my problem was a mobile-phone credit generator that I installed on the PC.. I got it from Kazaa, it was an .exe file.... I think that was it!!!

About the startup log, here it is - I hope I can be saved..... Regards....

StartupList report, 8/9/2005, 14:31:00

StartupList version: 1.52.2

Started from : C:\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\Userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

AVG7_EMC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

WinPatrol = C:\ARQUIV~1\BILLPS~1\WINPAT~1\winpatrol.exe

QuickTime Task = "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}

G-Buster Browser Defense - C:\WINDOWS\Downloaded Program Files\gbieh.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540000}

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]

InProcServer32 = C:\Arquivos de programas\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[VSPTA Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\Ptav3.dll

CODEBASE = https://cert.bancodobrasil.com.br/VSApps/vspta3.cab

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://www.pandasoftware.com/activescan/as5free/asinst.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[GbPluginObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbieh.dll

CODEBASE = https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------

End of report, 4.418 bytes

Report generated in 0,561 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


The Woo, sorry, I hadn't checked both options as you wrote... so below it goes the way you asked!!!!

StartupList report, 8/9/2005, 14:37:48

StartupList version: 1.52.2

Started from : C:\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

AVG7_EMC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

WinPatrol = C:\ARQUIV~1\BILLPS~1\WINPAT~1\winpatrol.exe

QuickTime Task = "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}

G-Buster Browser Defense - C:\WINDOWS\Downloaded Program Files\gbieh.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]

InProcServer32 = C:\Arquivos de programas\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[VSPTA Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\Ptav3.dll

CODEBASE = https://cert.bancodobrasil.com.br/VSApps/vspta3.cab

[Java Plug-in 1.5.0_04]

InProcServer32 = C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://www.pandasoftware.com/activescan/as5free/asinst.cab

[Java Plug-in 1.5.0_04]

InProcServer32 = C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[GbPluginObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbieh.dll

CODEBASE = https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)

Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)

AVG7 Alert Manager Server: C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)

AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)

Serviço de transferência inteligente de plano de fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Localizador de computadores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Serviço de indexação: %SystemRoot%\system32\cisvc.exe (manual start)

Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)

Aplicativo de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de disco: System32\DRIVERS\disk.sys (system)

Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Log de eventos: %SystemRoot%\system32\services.exe (autostart)

Sistema de eventos COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)

Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Enumerador de portas de jogos: System32\DRIVERS\gameenum.sys (manual start)

Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)

Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Acesso a dispositivo de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Teclado i8042 e driver de porta de mouse PS/2: System32\DRIVERS\i8042prt.sys (system)

Driver de filtro de criação de CDs: System32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)

Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)

Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (system)

Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (disabled)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Redirecionador do cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Coordenador de transações distribuídas: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

Driver de BIOS de Gerenciamento de Sistema Microsoft: System32\DRIVERS\mssmbios.sys (manual start)

Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)

Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)

DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

Logon de rede: %SystemRoot%\System32\lsass.exe (manual start)

Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Reconhecimento de local da rede (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Fornecedor de suporte de segurança NT LM: %SystemRoot%\System32\lsass.exe (manual start)

Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Motorola USB Device: system32\DRIVERS\P2k.sys (manual start)

Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Serviços IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)

Agendador de pacotes QoS: System32\DRIVERS\psched.sys (manual start)

Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)

Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)

Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver PPPOE de acesso remoto: System32\DRIVERS\raspppoe.sys (manual start)

Paralelo direto: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Driver redirecionador de dispositivos doTerminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)

Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)

Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Alocador Remote Procedure Call (RPC): %SystemRoot%\System32\locator.exe (manual start)

Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SiS300i: System32\DRIVERS\sis300ip.sys (manual start)

Service for AC'97 Sample Driver (WDM): system32\drivers\ac97sis.sys (manual start)

SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system)

SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)

Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

Driver de filtro de restauração do sistema: System32\DRIVERS\sr.sys (system)

Serviço de restauração do sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Serviço de descoberta SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{8E63A0A1-0F88-4011-BE9C-55DF33824268} (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Driver de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)

Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)

Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Host de dispositivo Plug and Play universal: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)

USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)

Motorola USB Modem Driver: system32\DRIVERS\usbser.sys (manual start)

USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)

Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)

Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

Cliente da Web: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

WIBU-KEY Kernel Driver: SYSTEM32\DRIVERS\Wibukey.sys (autostart)

Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Atualizações automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 31.049 bytes

Report generated in 0,641 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

I got it from Kazaa, it was an .exe file... I think that was it!!!

surfer

Did you submit this file to the sites I told you about? Do you know the name of the executable?

There is a tool we are going to run on it, but for now I am analyzing the log. Speaking of logs, I am going to ask for a few more, since I still haven't found anything.

Download WinPFind -> click

Extract the folder -> C:/

Download Track qoo -> click

Extract to the desktop

Reboot into Safe Mode

Double-click WinPFind.exe

Click "Start Scan"

A scan will start, so wait patiently

When the scan finishes

Go to the -> WinPFind folder

Locate WinPFind.txt

Post the results

Reboot into Normal Mode!

Leave only the desktop open, without being connected. Now double-click -> "Track qoo.vbs"; ignore the antivirus.

Please post the two logs.


Hi the woo.. man, thanks again for your attention to my problem!!!

So I did everything you told me, and it is below!!!

I installed a program called Spyware Doctor... very good, it partially solved my problem and the sites no longer redirect to that link!

But I think the pest is still here, and I hope you find it!!!!

Hugs!!!!

surfer

Did you submit this file to the sites I told you about? Do you know the name of the executable?

There is a tool we are going to run on it, but for now I am analyzing the log. Speaking of logs, I am going to ask for a few more, since I still haven't found anything.

Download WinPFind -> click

Extract the folder -> C:/

Download Track qoo -> click

Extract to the desktop

Reboot into Safe Mode

Double-click WinPFind.exe

Click "Start Scan"

A scan will start, so wait patiently

When the scan finishes

Go to the -> WinPFind folder

Locate WinPFind.txt

Post the results

WINPFIND RESULT:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600

Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

UPX! 16/2/2005 11:06:16 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...

PEC2 8/4/2003 09:00:00 41128 C:\WINDOWS\SYSTEM32\dfrg.msc

UPX! 4/8/2004 04:45:46 848384 C:\WINDOWS\SYSTEM32\ir41_32.ax

PECompact2 4/8/2005 22:31:46 1452376 C:\WINDOWS\SYSTEM32\MRT.exe

aspack 4/8/2005 22:31:46 1452376 C:\WINDOWS\SYSTEM32\MRT.exe

aspack 4/8/2004 04:45:16 723968 C:\WINDOWS\SYSTEM32\ntdll.dll

Umonitor 4/8/2004 04:45:26 672768 C:\WINDOWS\SYSTEM32\rasdlg.dll

winsync 8/4/2003 09:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

UPX! 24/8/2005 11:38:08 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

FSG! 24/8/2005 11:38:08 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

PEC2 24/8/2005 11:38:08 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

aspack 24/8/2005 11:38:08 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

PTech 4/8/2004 02:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

9/9/2005 12:00:08 S 2048 C:\WINDOWS\bootstat.dat

2/9/2005 09:20:10 H 54156 C:\WINDOWS\QTFont.qfn

6/8/2005 14:33:40 H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a00d7c06aa1620ca2ba67cdaeab630c3\BIT4.tmp

19/7/2005 20:48:44 S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat

9/9/2005 11:59:56 H 8192 C:\WINDOWS\system32\config\default.LOG

9/9/2005 12:00:14 H 1024 C:\WINDOWS\system32\config\SAM.LOG

9/9/2005 12:00:10 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG

9/9/2005 12:01:10 H 81920 C:\WINDOWS\system32\config\software.LOG

9/9/2005 12:00:16 H 786432 C:\WINDOWS\system32\config\system.LOG

12/8/2005 08:24:24 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

24/8/2005 15:03:02 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\9c859998-989a-48a2-a31c-893f0d46fb7d

24/8/2005 15:03:02 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

9/9/2005 11:58:52 H 6 C:\WINDOWS\Tasks\SA.DAT

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS00138890-8F62-4836-8490-ABFFE072C804.tmp

23/8/2005 21:44:28 H 0 C:\WINDOWS\Temp\CS01849E24-EC46-408E-B753-24AFE528D11E.tmp

24/8/2005 00:44:12 H 440 C:\WINDOWS\Temp\CS01A211E6-88C5-4F3C-BBDA-0377C5DA1A3F.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS0337EE3E-2C7A-4263-AC98-F05E348CF2E5.tmp

23/8/2005 21:44:28 H 240 C:\WINDOWS\Temp\CS04E89772-8C85-4DDA-BBC3-670D60504CBD.tmp

24/8/2005 00:44:10 H 0 C:\WINDOWS\Temp\CS04F1EFB7-0EAC-46BC-8E51-7EB479C4C21E.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS04FC0FB3-4054-44A9-AB24-E0DF3DDBCA4B.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CS057662EC-33FC-4DE3-8589-F932CCC685EE.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS07C2EA5F-EA1D-4C59-A662-9AF969D496F2.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS08239AAA-12A4-4EF6-A9DC-E6048C5E816B.tmp

24/8/2005 00:44:10 H 14 C:\WINDOWS\Temp\CS09EE6E52-0E49-4927-A8B3-81392BAEFE0B.tmp

23/8/2005 19:11:46 H 48 C:\WINDOWS\Temp\CS0CB5A588-FD04-4032-85C1-F338081E4BC6.tmp

20/8/2005 23:59:00 H 96 C:\WINDOWS\Temp\CS0CDA58A3-0985-4AF6-8D4C-FFEC8172903C.tmp

23/8/2005 21:44:28 H 2016 C:\WINDOWS\Temp\CS0D7CBC99-718F-4048-8EC1-B061D34C6253.tmp

20/8/2005 23:59:00 H 30 C:\WINDOWS\Temp\CS0E4140CB-ECA7-4D13-85E3-F69F725DD843.tmp

23/8/2005 22:37:42 H 80652 C:\WINDOWS\Temp\CS0F080966-A5FA-4910-97F7-77A3B7DBCBE4.tmp

24/8/2005 00:44:12 H 126 C:\WINDOWS\Temp\CS12A33FEC-0EDB-46C9-B616-9AA2C9716463.tmp

20/8/2005 23:59:00 H 30 C:\WINDOWS\Temp\CS1346F1CF-111F-4EF4-850F-C3E2AC849249.tmp

23/8/2005 21:44:28 H 0 C:\WINDOWS\Temp\CS13FCEFD8-DC3E-4D5E-970B-363C2EBA2E7A.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CS158DA348-016C-4DA1-8815-BA88CF73FE40.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CS171AD26A-50B4-4287-B94E-EA5B8F5C0647.tmp

23/8/2005 21:44:28 H 39468 C:\WINDOWS\Temp\CS182F7A3F-C3F9-464D-BB70-16A8C801CEBE.tmp

24/8/2005 00:44:12 H 106 C:\WINDOWS\Temp\CS18D2E7EB-B9FA-4165-B519-46CB6B2A4A03.tmp

24/8/2005 00:44:12 H 102 C:\WINDOWS\Temp\CS1A6850CF-80C8-4593-AFB6-29C69ACE2F57.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS1AA07E4D-20D4-4366-8031-2E43C10DA22E.tmp

23/8/2005 19:11:46 H 340 C:\WINDOWS\Temp\CS1CEA9579-6788-44D1-85C6-ADF6E3E4AD01.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS2070EF89-9D23-4923-8F7A-70F24A808836.tmp

23/8/2005 22:37:42 H 1659756 C:\WINDOWS\Temp\CS20B52A27-B70A-4978-A6D8-448097E4362A.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS211A12A9-425E-438A-9384-BF036C49CBEF.tmp

23/8/2005 19:11:46 H 96 C:\WINDOWS\Temp\CS2148E50C-F6BB-439D-AA47-11ED372751BF.tmp

24/8/2005 00:44:10 H 0 C:\WINDOWS\Temp\CS218E09B1-661E-43DC-A568-063BCFF78A3A.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS22519CBF-3B22-467D-B562-2598E6D82EE0.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS2251CC39-8FA7-451A-8E35-D2CCC58D95A6.tmp

23/8/2005 19:11:46 H 132 C:\WINDOWS\Temp\CS22A04F63-6C80-4AF5-A632-2FC022A141F1.tmp

23/8/2005 21:44:28 H 2152248 C:\WINDOWS\Temp\CS22B43BE1-AD17-44CD-A97D-BBBDE8A86EA8.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS23767665-9293-4B45-9C01-EC027A4BA7C5.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS2441190D-572B-44EE-8403-15D00CB7B5E2.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS244CA87A-DC7C-4539-BD7C-7EDA04D03ED2.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS2579F4D6-5AAD-44A5-99AE-425ECE2FB14B.tmp

20/8/2005 23:59:00 H 48 C:\WINDOWS\Temp\CS27701E45-5113-448E-8606-80FEEB4523F0.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS2A4E1749-554D-4211-B1B4-13805D9CB3BE.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CS2A72A762-33C9-48BB-9AC7-64CD6A08B689.tmp

23/8/2005 19:11:46 H 150 C:\WINDOWS\Temp\CS2C827E85-A8E5-41B5-A6F8-50333993E8FE.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS2D01C3E6-381E-4D55-AC75-C889AABFE431.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS2D484795-ACC1-4E64-BB92-A8637FC35389.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS2E1DF891-1A04-400F-81FA-A56241AD3975.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS316B35CD-5A0D-4441-890D-25741A4AE234.tmp

24/8/2005 00:44:12 H 58 C:\WINDOWS\Temp\CS325E4592-FB64-44D1-97F0-356104609CEE.tmp

24/8/2005 00:44:10 H 480 C:\WINDOWS\Temp\CS32D8BD6C-5C06-4DFD-93ED-852D81686A0D.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS32E7D50F-B520-474A-953E-69BD2780F0BC.tmp

23/8/2005 19:11:46 H 14 C:\WINDOWS\Temp\CS34FD19B4-E54C-4EBD-B439-FBDA9F784CB1.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CS3505DD96-58C9-4FF8-82FB-1554CD313B15.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS35514EAA-7BBA-450D-81A6-280170F2531E.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CS355B08ED-275D-4552-AEC3-5B19F757A7ED.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS3625A4D2-F30E-4BC9-8A41-5E7F774F99FA.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS3635DB8E-4F77-4C8B-A77D-D6ECA6EDE1F2.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS38295A1D-CF43-4445-A804-5319E2C38E6E.tmp

20/8/2005 23:59:00 H 90 C:\WINDOWS\Temp\CS39C47014-C10D-419D-9233-F6C75F198059.tmp

23/8/2005 21:44:28 H 6128 C:\WINDOWS\Temp\CS3AAF62B5-8EFC-4965-B8B1-8B85AEC45D10.tmp

23/8/2005 19:11:46 H 132 C:\WINDOWS\Temp\CS3BB189C2-1F03-4C07-8D5C-11514960D3E9.tmp

24/8/2005 00:44:12 H 42 C:\WINDOWS\Temp\CS3C2FC4E2-3C7E-4983-A4E9-5F5A905A1227.tmp

23/8/2005 22:37:42 H 458042 C:\WINDOWS\Temp\CS3FCD60C2-BA84-4B99-AA13-D0B96040D222.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS41004B9E-A94B-4F62-925F-9771E8559F9D.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS4302DC79-CA28-420A-BDE0-8E9D1399B7B0.tmp

20/8/2005 23:59:00 H 50 C:\WINDOWS\Temp\CS4305CF5B-49F8-41E3-B9E9-DC9819820440.tmp

24/8/2005 00:44:12 H 0 C:\WINDOWS\Temp\CS431718CC-630E-4C11-8EF5-132595112105.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CS44F50089-8538-41D9-90A8-BBCB7F4874D7.tmp

24/8/2005 00:44:10 H 48 C:\WINDOWS\Temp\CS45C773EC-02B0-49AD-9B04-F11C2517B57C.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS45D23841-D5B7-4D46-BE9D-149A171FB336.tmp

23/8/2005 22:37:42 H 72068 C:\WINDOWS\Temp\CS4CBED58E-B1B5-4BD2-B82B-E3CCED5FAED2.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CS4DF07E62-F72B-44AD-8C11-763048C95576.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS4E0FA46C-62BD-4D17-999B-5FC412EC33B3.tmp

24/8/2005 00:44:12 H 0 C:\WINDOWS\Temp\CS4E5AEC26-592E-46BF-A339-625F90C82CEC.tmp

23/8/2005 21:44:28 H 1271062 C:\WINDOWS\Temp\CS50240D67-4ECE-4F9F-8E85-CEC3DF715744.tmp

24/8/2005 00:44:10 H 456 C:\WINDOWS\Temp\CS506BF317-A6BB-410D-B06F-5E1B4A37FB22.tmp

20/8/2005 23:59:00 H 102 C:\WINDOWS\Temp\CS52C5D6F9-241E-40FF-BC46-5B5C0F3DB44C.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS54240209-4F98-49C4-A08B-4C729ED4D3BE.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CS559F4BC4-8073-4157-8756-8C29E9878424.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS55C55388-57AF-4CBB-944D-D461C2FAF47A.tmp

23/8/2005 21:44:28 H 3366 C:\WINDOWS\Temp\CS5679A763-174D-4F69-AD4B-DFF7283BDC7E.tmp

24/8/2005 00:44:12 H 122 C:\WINDOWS\Temp\CS57EAB763-049A-4529-84A8-FB5018E18B56.tmp

24/8/2005 00:44:10 H 30 C:\WINDOWS\Temp\CS58E840EC-63CF-4407-893E-57C5718E1BF6.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS5BEA8C01-1083-416A-9841-E7CE30A0F399.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS5CA377BA-BBB8-42AD-B546-9A7F8CD156EB.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS5DE54A03-737D-4266-AB78-435DEE85439A.tmp

23/8/2005 21:44:28 H 128 C:\WINDOWS\Temp\CS5E092DE4-5B16-4C39-B5E6-8A0E8CDB9FE7.tmp

23/8/2005 19:11:46 H 438 C:\WINDOWS\Temp\CS5E332179-52CB-480F-B1C4-A2E6A79E0B71.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS5F97BC81-5EC4-4526-8B4B-E11635D444EE.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS60AB833A-2F67-484B-A4EA-FE01B1EF40E7.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS61FD1688-F591-4C7B-B0F5-5C67BB5B3D2E.tmp

20/8/2005 23:59:00 H 126 C:\WINDOWS\Temp\CS6241B28A-900C-4528-8DE9-646C34A6B30C.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS6387728B-3DE3-426A-9C8E-8A76C07385D7.tmp

20/8/2005 23:59:00 H 440 C:\WINDOWS\Temp\CS63E9055F-4ECE-4D01-B913-4EEF0D0B3C05.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS640B0A8C-43C7-4591-ACD7-21DD46C88D52.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS64724F65-1EAB-4E90-BAF3-E00C1EA2FA88.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS6652404E-4168-4EE4-B1AB-31D989A4236A.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CS6907C6DF-372B-4F2C-A82D-E44AB84C4E7C.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS691EA8B3-8471-49FB-A9F9-A0D3F751D67E.tmp

20/8/2005 23:59:00 H 106 C:\WINDOWS\Temp\CS6B0FA991-E2D0-42D6-9230-028D58982A70.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS6B1CE5B0-7383-4B4B-AFDF-EBD1F133CBBC.tmp

24/8/2005 00:44:12 H 132 C:\WINDOWS\Temp\CS6B4F7C6C-2685-4D9A-B6C0-58F2A96593D6.tmp

20/8/2005 23:59:00 H 480 C:\WINDOWS\Temp\CS6CE0ECED-666D-499A-8316-40AC87698B1C.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS6D82341A-6B6A-4A4C-A1C0-F519C340B903.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS6DA09B4C-3410-4E5F-A846-7DCFE7C3F4DD.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS6DB2E20E-1A5B-4E29-8255-91186FFC617C.tmp

23/8/2005 21:44:28 H 160 C:\WINDOWS\Temp\CS6FD14A11-ABF8-4BC4-A041-94F911202B65.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS721923C2-70C5-43FE-AD9A-2800DF14EF22.tmp

23/8/2005 19:11:46 H 536 C:\WINDOWS\Temp\CS732521BB-07B3-4A6A-A93B-A8C23C225EC6.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS7438DABB-80D3-4032-83B7-BD40237BEA63.tmp

24/8/2005 00:44:12 H 0 C:\WINDOWS\Temp\CS745A8B67-3C41-452B-8E6B-34D834C19DC6.tmp

24/8/2005 00:44:12 H 204 C:\WINDOWS\Temp\CS74A59470-FDC2-4D3B-8134-1332EB16AC4D.tmp

23/8/2005 19:11:46 H 42 C:\WINDOWS\Temp\CS74EEB5E9-6E9C-48BB-8CB1-5ECC334F51B0.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS764EDC6E-D15D-43F0-8113-EC82D3BDD035.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CS76ABC73C-DF3B-47BB-A254-78F35DDD52EE.tmp

20/8/2005 23:59:00 H 132 C:\WINDOWS\Temp\CS76FF6108-B700-40AA-9B1D-2B346DED4DE0.tmp

23/8/2005 19:11:46 H 438 C:\WINDOWS\Temp\CS7713EB34-BD53-467F-BE56-E4C30DFD439B.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CS78565DD3-1CD0-455A-8F06-9D862C261DAF.tmp

24/8/2005 00:44:12 H 96 C:\WINDOWS\Temp\CS7BF88958-1B14-48C6-BE32-922481EF56BC.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS7C35F1F8-598B-4934-837C-B1CF62ADB7A0.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS7C6DBB81-31D8-4195-9E15-B185E8219198.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS7D74A6E4-5F88-4114-9E41-0E1551570108.tmp

23/8/2005 19:11:46 H 478 C:\WINDOWS\Temp\CS7D88E01A-F822-4784-8177-D325CFA8D340.tmp

23/8/2005 19:11:46 H 48 C:\WINDOWS\Temp\CS7DB18488-BF1D-4977-A221-963113F3E317.tmp

20/8/2005 23:59:00 H 150 C:\WINDOWS\Temp\CS7E29DADA-1971-4D2F-B972-EB62022A169F.tmp

24/8/2005 00:44:12 H 0 C:\WINDOWS\Temp\CS7F57F3E1-0E3F-494E-B6DD-3BABD571A67F.tmp

24/8/2005 00:44:12 H 50 C:\WINDOWS\Temp\CS815DF5AA-473B-49C9-81C7-9EDD9077AC3A.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CS838AB989-92E5-4868-A08C-A89FD08C6F00.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS842EE3C5-149B-4A25-BDB4-649B5F410E6E.tmp

23/8/2005 22:37:40 H 1494 C:\WINDOWS\Temp\CS85357EAA-3DD0-4CA6-91D5-29590F08B87A.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS85C5040F-402E-47DA-A898-BD12910E2254.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CS860EE1A2-959A-456E-B8D2-9AD23A88193A.tmp

24/8/2005 00:44:12 H 96 C:\WINDOWS\Temp\CS863C02E9-1402-4A7E-89C4-CD4374DF9726.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS8649407B-9C17-40B3-BB35-9F64151FEDDA.tmp

20/8/2005 23:59:00 H 456 C:\WINDOWS\Temp\CS8656D5C0-2E56-4B87-9108-2737637C6D23.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS8786EB3D-B832-47A5-84A6-1561B7308A4E.tmp

24/8/2005 00:44:12 H 150 C:\WINDOWS\Temp\CS87FED491-B37A-4B2C-8EF1-71DD3E4CD0BC.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS889721E8-33FE-4E14-AE60-E18C1A2612B5.tmp

20/8/2005 23:59:00 H 42 C:\WINDOWS\Temp\CS8987B031-7C3F-4C95-97EC-FABEA513F1A4.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS8C1E3165-1E9A-441A-B19C-0AF351EF3985.tmp

24/8/2005 00:44:10 H 440 C:\WINDOWS\Temp\CS8C3D8522-762E-41F3-94A6-B0C9EE910830.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS8EFE6CF7-DFEE-4CEB-9418-35C9DD10CD59.tmp

20/8/2005 23:59:00 H 48 C:\WINDOWS\Temp\CS8F3C3207-71DF-497B-9A4A-5B983F65EB33.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CS904D1483-81F5-4086-AEA6-BCAE24695756.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS9164FCCD-443F-4849-9705-EB1F4DD5BDFB.tmp

20/8/2005 23:59:00 H 126 C:\WINDOWS\Temp\CS93B70E43-BA2F-46DA-BC8E-2746EFD447BB.tmp

23/8/2005 19:11:46 H 96 C:\WINDOWS\Temp\CS943596D4-019A-4306-9FF2-D6BF971C80CD.tmp

23/8/2005 19:11:46 H 106 C:\WINDOWS\Temp\CS950293AF-A660-4947-B221-F276D2CD9C9A.tmp

23/8/2005 19:11:46 H 58 C:\WINDOWS\Temp\CS954F1574-E23E-40DA-A0CE-EC801D9FF16F.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS98E8A27B-74E9-464E-A52B-DB98E52DA60D.tmp

23/8/2005 19:11:46 H 50 C:\WINDOWS\Temp\CS990F1293-E59B-4C33-BBE9-403AE77F6AE8.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS99CE8E45-1D0F-4EAF-B37D-EE65DCB7E9D5.tmp

23/8/2005 19:11:46 H 454 C:\WINDOWS\Temp\CS99D18625-09C9-4DEF-A0FA-2AE621AB964F.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CS9B7D4566-C8D5-41BA-B8B8-0E83D54A8E8D.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CS9CA96638-146A-4959-B6D7-7076BE9FE926.tmp

23/8/2005 19:11:46 H 204 C:\WINDOWS\Temp\CS9CDD6390-D5EE-4727-B10B-BBFE78F7A841.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CS9D28E07E-2F16-4940-A024-FF6EEA0F26D0.tmp

20/8/2005 23:59:00 H 96 C:\WINDOWS\Temp\CS9F7F4E73-8B68-471B-A03A-23AA628616D7.tmp

23/8/2005 21:44:28 H 0 C:\WINDOWS\Temp\CS9FE37A09-A624-43E0-A5E3-F4677136D0F5.tmp

23/8/2005 21:44:28 H 306 C:\WINDOWS\Temp\CSA029BF2F-3ECE-4B68-97F8-C9543A4DC021.tmp

24/8/2005 00:44:12 H 0 C:\WINDOWS\Temp\CSA0CBEBC6-86E7-4075-A170-2DE7FF83DAAB.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSA30F1868-B742-40B2-BFEE-E7A2BF6D0477.tmp

20/8/2005 23:59:00 H 58 C:\WINDOWS\Temp\CSA44EB160-52EC-455C-B55D-9A354626F123.tmp

23/8/2005 22:37:42 H 1360676 C:\WINDOWS\Temp\CSA5BD1831-8256-4D38-8AE3-2FBD66BAFD7B.tmp

23/8/2005 21:44:28 H 30 C:\WINDOWS\Temp\CSA6130DCB-B429-43E8-A6EB-5E5ECD991A53.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSA6C6F9F1-F6D6-47BD-8FBE-EA79A3B175AA.tmp

23/8/2005 21:44:28 H 1057590 C:\WINDOWS\Temp\CSA8A64578-90B7-467C-A375-020E179F5C35.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CSAE4C380A-75B3-4A36-A5A8-54292D94F37F.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSAEAE408C-12BE-4BE5-A3E5-001BDFD7A8A3.tmp

23/8/2005 21:44:28 H 546366 C:\WINDOWS\Temp\CSB1C820B9-29E4-44BF-94E0-ACB25D34E1F6.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSB2EDAD14-FD1D-40FB-BFA1-A614396AC830.tmp

20/8/2005 23:59:00 H 48 C:\WINDOWS\Temp\CSB3F281A5-7FEC-4150-8679-0B84CB544388.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSB4B74478-3476-4020-BDE9-769D5D4D7393.tmp

23/8/2005 21:44:28 H 38178 C:\WINDOWS\Temp\CSB50C755C-671D-4B06-9444-924EC3CDCDB5.tmp

23/8/2005 19:11:46 H 102 C:\WINDOWS\Temp\CSB7D23C1D-D375-49F8-833D-6791A5D8ACC1.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CSB919677D-9638-4169-92A0-8B00B8B52E93.tmp

20/8/2005 23:59:00 H 342 C:\WINDOWS\Temp\CSBA7C7256-9D2A-44A1-AF9F-1DA1FFC636CE.tmp

24/8/2005 00:44:10 H 0 C:\WINDOWS\Temp\CSBAB22B43-6C77-4FB0-B739-0C974553D41A.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSBE0F0478-138B-404E-9555-ABF8D9AAB873.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CSBEBADF7F-C5F9-478F-85CF-A27CB0DFBF5D.tmp

24/8/2005 00:44:12 H 48 C:\WINDOWS\Temp\CSC0BB5534-2F20-44C3-9D2A-70630ABE3CB3.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSC18BBA9E-A018-491D-868B-497B53A64908.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSC3246FB4-0182-4C83-AA47-380F39A68B5F.tmp

24/8/2005 00:44:12 H 126 C:\WINDOWS\Temp\CSC3EF0642-D8E1-45ED-BDA0-AD0842C041FF.tmp

24/8/2005 00:44:12 H 90 C:\WINDOWS\Temp\CSC483AC7F-F8D9-4594-A005-31ACCC2297F7.tmp

23/8/2005 19:11:46 H 126 C:\WINDOWS\Temp\CSC4AB0880-121F-4C32-AA0D-09179D783CFC.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSC4B0D32A-5D72-4210-92A0-1CCBCC852C6B.tmp

20/8/2005 23:59:00 H 440 C:\WINDOWS\Temp\CSC4C5E887-6504-4C97-B580-C76D4DAFCEE9.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSC4E1DA2E-BAE3-4364-815D-DDF216118276.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSC4E3A124-A3A1-41AA-9886-0FC77176DEE0.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CSC6EB4C8B-908E-4BA8-BE4E-C4EE8107DEE9.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CSC6F88DDF-827F-457E-8C1D-0CE5F09DF740.tmp

23/8/2005 21:44:28 H 1452942 C:\WINDOWS\Temp\CSC6FEAAF8-AC88-4413-A967-1F022384D1EF.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSC7203C94-A33D-425B-BD34-3F83A5FE18E3.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSC9362837-547E-4B3D-8A84-D65C481F0F57.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSC960E82C-5862-4FAF-9019-77069F03A635.tmp

23/8/2005 19:11:46 H 30 C:\WINDOWS\Temp\CSCA3782E6-81FF-44A6-B87A-A9B586BAE8DD.tmp

24/8/2005 00:44:12 H 48 C:\WINDOWS\Temp\CSCBC3BEFC-24BC-434C-ABF7-626D28D1FC58.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CSCCBAF6F6-9A35-41E4-8263-04F77A469E3B.tmp

20/8/2005 23:59:00 H 536 C:\WINDOWS\Temp\CSCD80DC4A-AE88-406F-AA9F-9A9ACA51B330.tmp

24/8/2005 00:44:12 H 132 C:\WINDOWS\Temp\CSCE394690-EF73-4082-89AD-9CFF124FF267.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CSCF453017-0F5B-413D-9A96-6F5865B92DEB.tmp

23/8/2005 21:44:28 H 204 C:\WINDOWS\Temp\CSD127C89B-234C-4357-8745-CCA08E3F454C.tmp

24/8/2005 00:44:12 H 30 C:\WINDOWS\Temp\CSD270E2B3-8615-4A86-95FC-B2B4EEC5C9D2.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSD3A79F9E-69CC-4550-AFC8-7EFB4B7BBF29.tmp

24/8/2005 00:44:12 H 532 C:\WINDOWS\Temp\CSD48CE292-9EE8-4E1C-B416-43CE2F15F377.tmp

20/8/2005 23:59:00 H 204 C:\WINDOWS\Temp\CSD6F3B191-30AA-4896-875B-3858AC74C00A.tmp

23/8/2005 19:11:46 H 48 C:\WINDOWS\Temp\CSD84A4193-64A2-40EE-900F-A4CA03A1C935.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CSD8EB2639-3631-4485-9AA3-B3570138F8C3.tmp

24/8/2005 00:44:10 H 10 C:\WINDOWS\Temp\CSD94E609B-CBC9-493B-9D21-E59DC40592FD.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSDB6548E9-C9E3-4090-B6A7-2DA32B1615D1.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSDCB26CD8-8582-4509-B8F3-9276D4516688.tmp

23/8/2005 19:11:46 H 90 C:\WINDOWS\Temp\CSE0695EE8-808D-40EC-A0C9-27258CFE3146.tmp

23/8/2005 19:11:46 H 0 C:\WINDOWS\Temp\CSE1767EDB-A72A-46E5-B51F-C5FE363E4E32.tmp

23/8/2005 21:44:28 H 748 C:\WINDOWS\Temp\CSE2DA5DCA-45CA-4B47-9F51-9CE1E00FF82C.tmp

23/8/2005 19:11:46 H 10 C:\WINDOWS\Temp\CSE4310BD6-A12B-4704-9B3E-308CC4A4F7E9.tmp

20/8/2005 23:59:00 H 132 C:\WINDOWS\Temp\CSE4BAD7AD-62B6-494A-82AC-AB2CF45F8659.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CSE4D29FD7-A4D7-475B-9B5C-23C209C83455.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSE729D220-39AE-4D93-8701-BC4C1170588F.tmp

23/8/2005 21:44:28 H 5464 C:\WINDOWS\Temp\CSE7BC3404-F48A-403C-95FA-1D977EA72559.tmp

23/8/2005 19:11:46 H 30 C:\WINDOWS\Temp\CSE87655FC-378B-4EF7-8FC5-CDFB340EFDDA.tmp

23/8/2005 21:44:28 H 32 C:\WINDOWS\Temp\CSE8FACB15-3817-4FD1-B4DB-8E8817EE87AE.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSE9A64504-C743-429F-8F3E-C7178FDE0378.tmp

23/8/2005 21:44:28 H 23244 C:\WINDOWS\Temp\CSE9E1169A-B7AB-4406-B9DF-FCBE085EB951.tmp

24/8/2005 00:44:10 H 342 C:\WINDOWS\Temp\CSEA657620-CB3C-4EF8-90FA-6A73C2C728D8.tmp

23/8/2005 21:44:28 H 67919 C:\WINDOWS\Temp\CSEBEF0D12-C83D-406B-BF2F-5C90AF16EDC2.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSEDD9DB2A-DCD8-40D2-B467-60F924233897.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSEF686251-141C-4C3B-BF2A-F50482EEFC04.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CSF02702E6-E747-4847-B3C7-4508F7E29F85.tmp

20/8/2005 23:59:00 H 122 C:\WINDOWS\Temp\CSF42B7220-35A1-4256-9190-01FCA54CC88A.tmp

20/8/2005 23:59:00 H 14 C:\WINDOWS\Temp\CSF68A83F9-74D7-4304-9172-BA4D029C2E24.tmp

23/8/2005 19:11:46 H 126 C:\WINDOWS\Temp\CSFB687D06-336D-447E-9316-9476FC79FF66.tmp

24/8/2005 00:44:12 H 10 C:\WINDOWS\Temp\CSFB98B58A-F844-4360-8F34-CEAECFEC39DB.tmp

23/8/2005 21:44:28 H 902602 C:\WINDOWS\Temp\CSFC0D2CEB-ED83-4FD5-83A7-A589AB95102F.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSFC8E9536-9348-4BBA-A00D-F38A886FD1A1.tmp

23/8/2005 19:11:46 H 122 C:\WINDOWS\Temp\CSFD2CE6E0-4AC8-4F5E-B544-7C6E5ED94213.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSFD2DC995-6424-434A-B47A-D04ECDF4EAE3.tmp

23/8/2005 21:44:28 H 101748 C:\WINDOWS\Temp\CSFEF2E472-4EA4-4805-8B97-F8F79EE2C9D1.tmp

20/8/2005 23:59:00 H 10 C:\WINDOWS\Temp\CSFF22BC70-B464-4AC1-92AB-DD330A14172B.tmp

20/8/2005 23:59:00 H 0 C:\WINDOWS\Temp\CSFFF3F4F7-BDC6-499D-A5BC-408DC462BA07.tmp

24/8/2005 10:43:22 HS 113 C:\WINDOWS\Temp\Histórico\History.IE5\desktop.ini

24/8/2005 10:43:22 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini

24/8/2005 10:43:22 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\05UV4PI7\desktop.ini

24/8/2005 10:43:22 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IVY5KPG1\desktop.ini

24/8/2005 10:43:22 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KDYF4TYZ\desktop.ini

24/8/2005 10:43:22 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y30XKPQ3\desktop.ini

Checking for CPL files...

Microsoft Corporation 4/8/2004 04:45:46 70656 C:\WINDOWS\SYSTEM32\access.cpl

Microsoft Corporation 4/8/2004 04:45:46 552960 C:\WINDOWS\SYSTEM32\appwiz.cpl

Microsoft Corporation 4/8/2004 04:45:46 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl

Microsoft Corporation 4/8/2004 04:45:46 137216 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 4/8/2004 04:45:46 80384 C:\WINDOWS\SYSTEM32\firewall.cpl

Microsoft Corporation 4/8/2004 04:45:46 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

Microsoft Corporation 4/8/2004 04:45:46 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 4/8/2004 04:45:46 132096 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 4/8/2004 04:45:46 380928 C:\WINDOWS\SYSTEM32\irprops.cpl

Microsoft Corporation 4/8/2004 04:45:46 69632 C:\WINDOWS\SYSTEM32\joy.cpl

Sun Microsystems, Inc. 3/6/2005 03:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl

Microsoft Corporation 8/4/2003 09:00:00 188928 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 4/8/2004 04:45:46 624128 C:\WINDOWS\SYSTEM32\mmsys.cpl

Microsoft Corporation 8/4/2003 09:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 4/8/2004 04:45:46 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl

Microsoft Corporation 4/8/2004 04:45:46 258048 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

Microsoft Corporation 8/4/2003 09:00:00 37888 C:\WINDOWS\SYSTEM32\nwc.cpl

Microsoft Corporation 4/8/2004 04:45:46 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 4/8/2004 04:45:46 116736 C:\WINDOWS\SYSTEM32\powercfg.cpl

Apple Computer, Inc. 23/9/2004 18:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl

Microsoft Corporation 4/8/2004 04:45:46 302080 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 8/4/2003 09:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

Microsoft Corporation 4/8/2004 04:45:46 94208 C:\WINDOWS\SYSTEM32\timedate.cpl

WIBU-SYSTEMS AG 27/12/2001 10:59:22 716800 C:\WINDOWS\SYSTEM32\Wibuke32.cpl

Microsoft Corporation 4/8/2004 04:45:46 148480 C:\WINDOWS\SYSTEM32\wscui.cpl

Microsoft Corporation 26/5/2005 04:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 8/4/2003 09:00:00 188928 C:\WINDOWS\SYSTEM32\dllcache\main.cpl

Microsoft Corporation 8/4/2003 09:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl

Microsoft Corporation 8/4/2003 09:00:00 37888 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl

Microsoft Corporation 8/4/2003 09:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

Microsoft Corporation 26/5/2005 04:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

26/5/2005 14:16:32 HS 84 C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...

26/5/2005 13:47:32 HS 62 C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

Checking files in %USERPROFILE%\Startup folder...

26/5/2005 14:16:32 HS 84 C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

26/5/2005 13:47:32 HS 62 C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

PIN do menu 'Iniciar' = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip

{E0D79304-84BE-11CE-9641-444553540000} = C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{00020000-0000-1011-8004-0000C06B5161}

= C:\Arquivos de programas\WIBU-SYSTEMS\System\WibuShellExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

= C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}

PCTools Site Guard = C:\ARQUIV~1\SPYWAR~2\tools\iesdsg.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}

PCTools Browser Monitor = C:\ARQUIV~1\SPYWAR~2\tools\iesdpb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}

GbIehObj Class = C:\WINDOWS\Downloaded Program Files\gbieh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Dica do dia = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}

ButtonText = Spyware Doctor :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

Faixa do Explorer = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = E&ndereço : %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = E&ndereço : %SystemRoot%\System32\browseui.dll

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

AVG7_CC C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

AVG7_EMC C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

WinPatrol C:\ARQUIV~1\BILLPS~1\WINPAT~1\winpatrol.exe

QuickTime Task "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

e-mail Installed = 1

MAPI Installed = 1

MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

SpybotSD TeaTimer C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

Spyware Doctor "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

dontdisplaylastusername 0

legalnoticecaption

legalnoticetext

shutdownwithoutlogon 1

undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun 145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\Userinit.exe,

Shell = Explorer.exe

System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.

Scan completed on 9/9/2005 12:17:23

Reboot in Normal Mode!

Leave only the work area, without being connected. Now double-click -> "Track qoo.vbs", ignore the antivirus

TRACK QOO RESULT

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"AVG7_EMC"="C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgemc.exe"

"WinPatrol"="C:\\ARQUIV~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"

"QuickTime Task"="\"C:\\Arquivos de programas\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\e-mail]

"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

-----------------

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Subkey --- AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll

Subkey --- Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03}

C:\WINDOWS\System32\cscui.dll

Subkey --- Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936}

C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46}

C:\WINDOWS\system32\SHELL32.dll

Subkey --- WinZip

{E0D79304-84BE-11CE-9641-444553540000}

C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

PIN do menu 'Iniciar'

C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers

Subkey --- {00020000-0000-1011-8004-0000C06B5161}

C:\Arquivos de programas\WIBU-SYSTEMS\System\WibuShellExt.dll

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}

C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}

C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}

C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}

C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}

C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

desktop.ini

==============================

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar

desktop.ini

desktop.ini

==============================

C:\WINDOWS\system32 cpl files

access.cpl Microsoft Corporation

appwiz.cpl Microsoft Corporation

bthprops.cpl Microsoft Corporation

desk.cpl Microsoft Corporation

firewall.cpl Microsoft Corporation

hdwwiz.cpl Microsoft Corporation

inetcpl.cpl Microsoft Corporation

intl.cpl Microsoft Corporation

irprops.cpl Microsoft Corporation

joy.cpl Microsoft Corporation

jpicpl32.cpl Sun Microsystems, Inc.

main.cpl Microsoft Corporation

mmsys.cpl Microsoft Corporation

ncpa.cpl Microsoft Corporation

netsetup.cpl Microsoft Corporation

nusrmgr.cpl Microsoft Corporation

nwc.cpl Microsoft Corporation

odbccp32.cpl Microsoft Corporation

powercfg.cpl Microsoft Corporation

QuickTime.cpl Apple Computer, Inc.

sysdm.cpl Microsoft Corporation

telephon.cpl Microsoft Corporation

timedate.cpl Microsoft Corporation

Wibuke32.cpl WIBU-SYSTEMS AG

wscui.cpl Microsoft Corporation

wuaucpl.cpl Microsoft Corporation


Hey

Part I

We're going to run three tools. We'll clean the system, then restore the Hosts file, and at the end we'll apply DelDomains, that is, we'll clean some zones where some nasty domains sit in place of the good ones. Also, I noticed on Google that several sites redirect to that one. Meanwhile I'm looking at the logs. Give me time -> to check it properly.

Download and install CCleaner -> click, but don't run it now.

Download DelDomains.inf CLICK HERE. Save it to your desktop

Download Hoster CLICK HERE

Unzip the folder to C:/

Disable SB S Destroy so the change can be applied

Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

CCleaner click

Double-click "DelDomains.inf" -> Save Target As -> Install (no need to restart).

Double-click the little lighthouse icon and the program will open. Then check and press "Restore Original Hosts" and click "OK". Once that's done, Exit and close the program.

Reboot into normal Windows

Part II

The logs don't show abnormal entries, in my modest interpretation. Everything looks fine in these additional tools. Since no redirection is occurring, let's now try with execution tools.

Download a -> Trial / Trojan Remover -> click

Download -> VSCAN/MCAFEE VIRUSCAN [sDAT] -> Click.

Disable Restore, i.e. System Restore. Don't forget to re-enable it after running all the steps. See CLICK HERE

Temporarily disable the antispyware programs so the scan can run.

Enter Safe Mode again, pressing the F8 key when Windows starts to boot.

Run a scan with -> VSCAN/MCAFEE VIRUSCAN [sDAT]

Same with Trojan Remover, loaded to the hilt with updates

Reboot into normal Windows

Run the KAV online scan click

Post the KAV log if it works… I think that's it...

Re-enable SB S D and System Restore

Good luck


Hey

Hi The Woo.... I did everything but this part I couldn't manage, it opens a file that looks like a txt and there's nothing I can do with it!

Double-click "DelDomains.inf" -> Save Target As -> Install (no need to restart).

Below is the Kaspersky log, it found 3 trojans, now what do I do ???

Cheers.....

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Sunday, September 11, 2005 18:15:02

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.67.0

Kaspersky Anti-Virus database last update: 11/09/2005

Kaspersky Anti-Virus database records: 139931

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 25919

Number of viruses found: 1

Number of infected objects: 3

Number of suspicious objects: 0

Duration of the scan process: 9401 sec

Infected Object Name - Virus Name

C:\Meus Documentos\Download\WarezP2P_TDL.exe/stream/data0038 Infected: Trojan-Downloader.Win32.Small.apc

C:\Meus Documentos\Download\WarezP2P_TDL.exe/stream Infected: Trojan-Downloader.Win32.Small.apc

C:\Meus Documentos\Download\WarezP2P_TDL.exe Infected: Trojan-Downloader.Win32.Small.apc

Scan process completed.


KAV is very sensitive with P2P. See -> click

It's your call.

I did everything but this part I couldn't manage, it opens a file that looks like a txt

Try this one -> click

You need to double-click it for the modifications to be applied.


The Woo... I've already tried everything and nothing, now not even S D is solving it.... I deleted all the programs and left only Spy Doctor... and now this pest has attacked my e-mail..... like, Outlook won't load because it redirects to mynewslink.com

Is there any other solution or will I really have to format ???

Cheers and Thanks !!! :muro:

Originally posted by surfer_stos 08 September 2005@ 14:36

I think my problem was a mobile-phone credit generator I installed on the PC.. I had gotten it from Kazaa, it was a .exe file.... I think that was it !!!

A starting point for the spread of pests is certainly KaZaA. Of course we can't generalize the situation, but you could send that file to KAV Labs to analyze.

because it redirects to mynewslink.com

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

Your log omitted some possible entries, such as protocols, network settings, DNS....

see

http://linhadefensiva.uol.com.br/docs/hija...o/8#entrada-o17

http://linhadefensiva.uol.com.br/docs/hijackthis-completo/9/

maybe those entries would show us some clues....

look for any entry related to -> dummy.net or search dummy.net

for example -> Start -> Run -> regedit -> Enter -> type -> dummy.net and/or mynewslink.com -> give me a shout before executing anything.

Post a full HJThis log with all the entries.

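The advice above is to search the registry by hand for dummy.net and mynewslink.com. As an added example (not part of the thread and not the Track qoo tool's code), here is a small Python parser for the REGEDIT4 export format that Track qoo printed earlier in the thread; it decodes the quoted REG_SZ data and reports every value whose name or data mentions one of the indicator domains, which is the same check the regedit F3 search does, but repeatable over an exported file. The sample export, including its `Internet Explorer\Main` and `Tcpip\Parameters` values, is constructed for the example and is not the poster's registry; `parse_reg` and `find_indicators` are names chosen here.

```python
"""Search a REGEDIT4 (.reg) export for values that reference given domains.

Added example, not from the thread. Sample data below is constructed."""
import re

# Constructed sample export in the same layout as the Track qoo output.
# The "Start Page" and "SearchList" values are made up to produce hits.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Arquivos de programas\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://home.microsoft.com/intl/br/access/allinone.asp"
"Start Page"="http://www.mynewslink.com/"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SearchList"="dummy.net"
"Domain"=""
'''

# Domains named in the thread as redirect targets.
INDICATORS = ("dummy.net", "mynewslink.com", "searching.net")

KEY_RE = re.compile(r'^\[(.+)\]$')                  # [HKEY_...\Subkey]
VALUE_RE = re.compile(r'^(?:"([^"]*)"|(@))=(.*)$')  # "name"=data or @=data


def _decode(data):
    """REG_SZ data is quoted and escapes backslash and quote with a backslash;
    other types (dword:, hex:) are returned as written."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return data


def parse_reg(text):
    """Return a list of (key, value_name, data) tuples from a REGEDIT4 export."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("REGEDIT4") or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(2) else m.group(1)
            entries.append((key, name, _decode(m.group(3))))
    return entries


def find_indicators(text, indicators=INDICATORS):
    """Return (key, value_name, data, indicator) for every value whose name or
    data contains one of the indicator domains (case-insensitive)."""
    hits = []
    for key, name, data in parse_reg(text):
        haystack = (name + " " + data).lower()
        for ind in indicators:
            if ind.lower() in haystack:
                hits.append((key, name, data, ind))
                break
    return hits


if __name__ == "__main__":
    for key, name, data, ind in find_indicators(SAMPLE_REG):
        print(f"{ind}: [{key}] {name} = {data}")
```

On a real machine the input would be a `regedit /e` export of the hives of interest; values under `Tcpip\Parameters` (the DNS domain and search list) are worth including because, as the thread goes on to show, a redirect can come from name resolution rather than from a Run entry or BHO.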

Hey The Woo, man, thanks for the effort, just from your answers I learned a lot !!!!

so for sure it was on Kazaa that I caught this, the last files downloaded were a mobile-phone credit generator and also Google Earth Pro !

It would be good for folks to stay sharp with these files...

The HijackThis tips site is great... I learned a lot !!!

Here's the log:

but first look at this entry:

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

I can never delete it.... Windows says another program is using it.

Could it be something ?

Cheers.....

Logfile of HijackThis v1.99.1

Scan saved at 00:25:04, on 13/9/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\SPYWAR~2\swdoctor.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Meus documentos\Download\Spywere\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [spyware Doctor] C:\ARQUIV~1\SPYWAR~2\swdoctor.exe /Q

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~2\tools\iesdpb.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

but first look at this entry:

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

I can never delete it.... Windows says another program is using it.

Could it be something ?

This entry is not bad. -> see

I think you should follow the clues in this area...

Originally posted by The Who Posted Yesterday@ 20:07

Your log omitted some possible entries, such as protocols, network settings, DNS....

see

http://linhadefensiva.uol.com.br/docs/hija...o/8#entrada-o17

http://linhadefensiva.uol.com.br/docs/hijackthis-completo/9/

maybe those entries would show us some clues....

I believe your problem is related to the modem configuration, protocols, DNS.

Search the Windows registry as I explained (F3 key) and enter, for example

http://searching.net

http://66.116.109.29/

http://dummy.net

http://mynewslink.com

Install a firewall + -> hosts click; in fact, dig into this link, your answer may be there.

so for sure it was on Kazaa that I caught this, the last files downloaded were a mobile-phone credit generator and also Google Earth Pro !

I can't tell you whether it was some dirty trick. It could even be... you know how it is... Actually there's a bug or something like that... relating a certain config and a specific modem. I hope that's your case and maybe you'll find answers right here at Clube do Hardware; still, I'll "link" it so you can chase down these correlations, because the redirects go to a certain "search site", too much of a coincidence.

click here

any doubts, come back before executing


click here

hey The Wooooooooooo.....

I finally solved the problemmmmmmmmmmm

It was my modem, the 3Com 812 !!!!

It had a domain in its configs that, when I typed the wrong site or it took too long to load, redirected to that domain - dummy.net.

So with the tip from the site I deleted it and put in a site that doesn't exist, and now everything's OK !!!

Thanks for the patience and for all your help !!!!!

Cheers... and whoever has this problem and wants a tip, look at the link above.

ALOHA !!!!

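The resolution above (a domain configured on the 3Com 812 that sent mistyped or slow-loading sites to dummy.net) is the classic DNS search-suffix effect. As an added example, not from the thread and not the modem's or any vendor's code, the Python model below shows the mechanism: a stub resolver that cannot resolve a name as typed appends each configured search suffix and retries, and if that suffix lives in a zone with a wildcard record, every typo "resolves" to that zone's host. It also includes the check a defender would run on a search list: probe a nonsense label under each suffix and flag any suffix that still answers. The zone data, hosts and addresses are constructed (documentation ranges), and `resolve`, `authoritative_lookup` and `check_search_list` are names chosen here; the hardened configuration uses a suffix under the reserved `.invalid` TLD, which mirrors the poster's fix of pointing the setting at a site that does not exist.

```python
"""Model of DNS search-suffix behaviour behind the thread's redirect.

Added example, not from the thread. All zone data and addresses are constructed."""

# Constructed authoritative data: exact names that should resolve.
ZONE = {
    "www.clubedohardware.com.br": "203.0.113.10",
    "mail.example.com": "192.0.2.25",
}
# A zone whose wildcard record answers for every name beneath it (constructed
# address). This is what turns any typo into a landing page.
WILDCARD_ZONES = {
    "dummy.net": "198.51.100.1",
}


def authoritative_lookup(fqdn):
    """Return the address for an exact name, the wildcard zone's address if the
    name falls under one, or None for NXDOMAIN."""
    fqdn = fqdn.rstrip(".").lower()
    if fqdn in ZONE:
        return ZONE[fqdn]
    for zone, addr in WILDCARD_ZONES.items():
        if fqdn == zone or fqdn.endswith("." + zone):
            return addr
    return None


def resolve(name, search_list, ndots=1):
    """Stub-resolver search-list logic. Returns (address, name_that_answered)
    or (None, None). A name with at least `ndots` dots is tried as typed first,
    then with each suffix appended; a name with fewer dots tries the suffixes
    first. That ordering is the common resolver rule, modelled here."""
    name = name.rstrip(".").lower()
    suffixed = [f"{name}.{s.strip('.').lower()}" for s in search_list if s]
    order = [name] + suffixed if name.count(".") >= ndots else suffixed + [name]
    for candidate in order:
        addr = authoritative_lookup(candidate)
        if addr is not None:
            return addr, candidate
    return None, None


def check_search_list(search_list):
    """Defender check: flag every suffix under which a nonsense label still
    resolves, i.e. the suffix sits in a wildcard zone and will swallow typos."""
    probe = "zz-no-such-host-zz"
    return [s for s in search_list if authoritative_lookup(f"{probe}.{s}") is not None]


if __name__ == "__main__":
    typo = "wwww.clubedohardware.com.br"   # one extra "w"
    print(resolve(typo, ["dummy.net"]))       # ('198.51.100.1', 'wwww.clubedohardware.com.br.dummy.net')
    print(resolve(typo, ["home.invalid"]))    # (None, None): a plain NXDOMAIN, as expected
    print(check_search_list(["dummy.net", "example.com"]))  # ['dummy.net']
```

The same probe works against a live resolver: if a made-up label under your configured search domain returns an address, any unresolvable name on the network will be sent there, which is exactly the "wrong site goes to dummy.net" symptom in this thread.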

CASE SOLVED!

If the topic author needs it, the topic will be reopened; for that, they should contact a Moderator of the area and request that it be unlocked!
